Visible to the public Biblio

Filters: Author is Wang, Kai  [Clear All Filters]
2023-03-31
Huang, Dapeng, Chen, Haoran, Wang, Kai, Chen, Chen, Han, Weili.  2022.  A Traceability Method for Bitcoin Transactions Based on Gateway Network Traffic Analysis. 2022 International Conference on Networking and Network Applications (NaNA). :176–183.
Cryptocurrencies like Bitcoin have become a popular weapon for illegal activities. They have the characteristics of decentralization and anonymity, which can effectively avoid the supervision of government departments. How to de-anonymize Bitcoin transactions is a crucial issue for regulatory and judicial investigation departments to supervise and combat crimes involving Bitcoin effectively. This paper aims to de-anonymize Bitcoin transactions and present a Bitcoin transaction traceability method based on Bitcoin network traffic analysis. According to the characteristics of the physical network that the Bitcoin network relies on, the Bitcoin network traffic is obtained at the physical convergence point of the local Bitcoin network. By analyzing the collected network traffic data, we realize the traceability of the input address of Bitcoin transactions and test the scheme in the distributed Bitcoin network environment. The experimental results show that this traceability mechanism is suitable for nodes connected to the Bitcoin network (except for VPN, Tor, etc.), and can obtain 47.5% recall rate and 70.4% precision rate, which are promising in practice.
2022-05-10
Ji, Xiaoyu, Cheng, Yushi, Zhang, Yuepeng, Wang, Kai, Yan, Chen, Xu, Wenyuan, Fu, Kevin.  2021.  Poltergeist: Acoustic Adversarial Machine Learning against Cameras and Computer Vision. 2021 IEEE Symposium on Security and Privacy (SP). :160–175.
Autonomous vehicles increasingly exploit computer-vision-based object detection systems to perceive environments and make critical driving decisions. To increase the quality of images, image stabilizers with inertial sensors are added to alleviate image blurring caused by camera jitters. However, such a trend opens a new attack surface. This paper identifies a system-level vulnerability resulting from the combination of the emerging image stabilizer hardware susceptible to acoustic manipulation and the object detection algorithms subject to adversarial examples. By emitting deliberately designed acoustic signals, an adversary can control the output of an inertial sensor, which triggers unnecessary motion compensation and results in a blurred image, even if the camera is stable. The blurred images can then induce object misclassification affecting safety-critical decision making. We model the feasibility of such acoustic manipulation and design an attack framework that can accomplish three types of attacks, i.e., hiding, creating, and altering objects. Evaluation results demonstrate the effectiveness of our attacks against four academic object detectors (YOLO V3/V4/V5 and Fast R-CNN), and one commercial detector (Apollo). We further introduce the concept of AMpLe attacks, a new class of system-level security vulnerabilities resulting from a combination of adversarial machine learning and physics-based injection of information-carrying signals into hardware.
2021-10-04
Wang, Kai, Yuan, Fengkai, HOU, RUI, Ji, Zhenzhou, Meng, Dan.  2020.  Capturing and Obscuring Ping-Pong Patterns to Mitigate Continuous Attacks. 2020 Design, Automation Test in Europe Conference Exhibition (DATE). :1408–1413.
In this paper, we observed Continuous Attacks are one kind of common side channel attack scenarios, where an adversary frequently probes the same target cache lines in a short time. Continuous Attacks cause target cache lines to go through multiple load-evict processes, exhibiting Ping-Pong Patterns. Identifying and obscuring Ping-Pong Patterns effectively interferes with the attacker's probe and mitigates Continuous Attacks. Based on the observations, this paper proposes Ping-Pong Regulator to identify multiple Ping-Pong Patterns and block them with different strategies (Preload or Lock). The Preload proactively loads target lines into the cache, causing the attacker to mistakenly infer that the victim has accessed these lines; the Lock fixes the attacked lines' directory entries on the last level cache directory until they are evicted out of caches, making an attacker's observation of the locked lines is always the L2 cache miss. The experimental evaluation demonstrates that the Ping-Pong Regulator efficiently identifies and secures attacked lines, induces negligible performance impacts and storage overhead, and does not require any software support.
2020-05-26
Wang, Kai, Zhao, Yude, liu, Shugang, Tong, Xiangrong.  2018.  On the urgency of implementing Interest NACK into CCN: from the perspective of countering advanced interest flooding attacks. IET Networks. 7:136–140.
Content centric networking (CCN) where content/named data as the first entity has become one of the most promising architectures for the future Internet. To achieve better security, the Interest NACK mechanism is introduced into CCN; however, it has not attracted enough attention and most of the CCN architectures do not embed Interest NACK until now. This study focuses on analysing the urgency of implementing Interest NACK into CCN, by designing a novel network threat named advanced interest flooding attack (AIFA) to attack CCN, which can not only exhaust the pending interest table (PIT) resource of each involved router just as normal interest flooding attack (IFA), but also keep each PIT entry unexpired until it finishes, making it harder to detect and more harmful when compared with the normal IFA. Specifically, the damage of AIFA on CCN architecture with and without Interest NACK is evaluated and analysed, compared with normal IFA, and then the urgency of implementing Interest NACK is highlighted.
2017-05-30
Wang, Kai, Zhang, Yuqing, Liu, Peng.  2016.  Call Me Back!: Attacks on System Server and System Apps in Android Through Synchronous Callback. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :92–103.

Android is the most commonly used mobile device operation system. The core of Android, the System Server (SS), is a multi-threaded process that provides most of the system services. Based on a new understanding of the security risks introduced by the callback mechanism in system services, we have discovered a general type of design flaw. A vulnerability detection tool has been designed and implemented based on static taint analysis. We applied the tool on all the 80 system services in the SS of Android 5.1.0. With its help, we have discovered six previously unknown vulnerabilities, which are further confirmed on Android 2.3.7-6.0.1. According to our analysis, about 97.3% of the entire 1.4 billion real-world Android devices are vulnerable. Our proof-of-concept attack proves that the vulnerabilities can enable a malicious app to freeze critical system functionalities or soft-reboot the system immediately. It is a neat type of denial-of-service at-tack. We also proved that the attacks can be conducted at mission critical moments to achieve meaningful goals, such as anti anti-virus, anti process-killer, hindering app updates or system patching. After being informed, Google confirmed our findings promptly. Several suggestions on how to use callbacks safely are also proposed to Google.